[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Apr 11 07:35:05 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ee298b2 by Salvatore Bonaccorso at 2024-04-11T08:16:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 a
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In this v ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...)
@@ -133,11 +133,11 @@ CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar versions
 CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) ...)
 	TODO: check
 CVE-2024-2731 (Users with low privileges (all permissions deselected in the administr ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing pages, th ...)
 	NOT-FOR-US: Mautic
 CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary file upl ...)
-	TODO: check
+	NOT-FOR-US: qdrant
 CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, a ...)
 	TODO: check
 CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allow ...)
@@ -221,7 +221,7 @@ CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper authoriz
 CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user ...)
 	TODO: check
 CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-1643 (By knowing an organization's ID, an attacker can join the organization ...)
 	TODO: check
 CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
@@ -237,9 +237,9 @@ CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_f
 CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path traversa ...)
 	TODO: check
 CVE-2024-0218 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, c ...)
-	TODO: check
+	NOT-FOR-US: Nozomi Networks Guardian
 CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information.  ...)
-	TODO: check
+	NOT-FOR-US: Nozomi Networks
 CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
 	TODO: check
 CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee298b24c7dda946b4432c03a9ced3ae2d87738

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ee298b24c7dda946b4432c03a9ced3ae2d87738
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240411/4306aa54/attachment.htm>
